Computer Help Community

Community

Cyber Tech Help Community

New Tutorials

More Tutorials
PC Tutorials

New Downloads

More Downloads
PC Downloads

Member Testimonials

Open Member Quote   Great job u guys Cyber Tech staff and others connected to this web site one way or another!!! Really happy to find this website!! Big help for me and for my friends. See ,I build PCs for my side business here in Japan and I find this website; forums tutorials etc very helpful in my business. I know there are a lot more out there but I believe this site is better. More power to you guys! - pcbuilder  Close Member Quote
Member Testimonials
MY CYBER TECH HELP

LATEST TOPICS

Tech Help Community

Free Antivirus Scan

Free Virus Scan and a listing of the top 10 viruses in the wild - Free Antivirus Scan
Free Online Antivirus Scan

File Extension Database

Find what program a filetype belongs to in our searchable File Extension Database.
File Extension Database

Services

See what services Cyber Tech Help can offer your business or website: CTH Services
CTH Services

Related MS Links

Related Links
Cyber Tech Help Community

To the top of the page to top

 



Critical Security Flaw Found in Winamp

Latest News Latest News | News ArchiveNews Archive | Cyber Tech Help News RSS Feed!

Critical Security Flaw Found in WinampCritical Security Flaw Found in Winamp

Posted by: Tweaker
Date added: 22:54, 30th January 2006 GMT
Source: Beta News

UPDATED An "extremely critical" security vulnerability has been discovered in AOL's Winamp digital media player, relating to the way the software handles filenames that include a computer name. An exploit has already surfaced for the flaw, which affects version 5 of the software.

By late Monday, Winamp developers had already released version 5.13 of the software, which plugs the security hole. According to an advisory by Secunia, the vulnerability "can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name." A successful attack can lead to arbitrary code being run on a user's computer.

The problem was first reported alongside the exploit created by ATmaCA, and utilizes a specially crafted playlist file to overflow Winamp. The PLS file can simply be loaded remotely through an IFRAME on a Web site.

This isn't the first critical vulnerability to hit AOL's popular player. Last July, a bug was discovered in Winamp's handling of ID3v2 tags. That issue also involved a buffer overflow that could have led to a remote system compromise, but it required some user interaction.

Tools:  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

 

Post a commentPost a comment

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!  Register to become a member!  Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

 

[ To the top of the page To top | Latest News Latest News | News Archive News Archive | Cyber Tech Help News RSS Feed! ]